An Object Oriented Role-based Access Control Model for Secure Domain Environments
|
|
- Gervais Hopkins
- 8 years ago
- Views:
Transcription
1 International Journal of Network Security, Vol.4, No.1, PP.10 16, Jan An Object Oriented -based Access Control Model for Secure Domain Environments Cungang Yang Department of Electrical and Computer Engineering, Ryerson University Toronto, Ontario, M5B 2K3, Canada ( (Received Aug. 22, 2005; revised and accepted Oct. 11, 2005) Abstract In the secure domain computing environments, it is important to keep resources and information integrity from unauthorized access. Therefore, there is a strong demand on the access control for shared resources. In the past few years, -based Access Control (RBAC) has been introduced and offered a powerful means of specifying access control decisions. In this paper, an Object Oriented RBAC model (ORBAC) that efficiently represents the real world is proposed. It not only supports a single secure domain authorization for an enterprise, but also supports multiple secure domains access control for E-business carried out by multiple enterprises over the Internet. Keywords: Digital credential, e-business, least privilege, ORBAC, secure domain 1 Introduction An important element of access control is secure domain which consists of a set of users and objects managed by a common security policy and defined by a single authority. With the increasing of shared resources, unauthorized access to information by illegal users also increases, it is necessary to secure data through user authentication and access control policies. Nowadays, there are three basic access control techniques: mandatory access control (MAC), discretionary access control (DAC) and role-based access control (RBAC) [6, 7, 8]. MAC enforces access control on the basis of information security labels attached to users and objects. MAC can determine all kinds of access control between subjects and objects consistently. Security labels are granted to all subjects and objects by the system supervisor and the modification of the security labels only in accordance with the content of the object. As MAC policy is not flexible, it is not suitable to be used in commercial areas. In case of DAC, each object has an access control list. However, in a large information system there are millions of objects, and each of which is assigned to thousands of subjects. The access control lists will be enormous in size and their maintenance will be much difficult and costly. Compared with DAC and MAC, the central notion of RBAC is that users do not directly get access to enterprise objects; instead, access privileges of the objects are associated with roles, each user is assigned to one or multiple members of appropriate roles. As a result, an organization cannot only preserve access control policy appropriate to its characteristics consistently, but it can also maintain access control relationships between users and objects independently. s can be assigned to members of roles as determined by their responsibilities and qualifications. On the other hand, they can be easily reassigned without modifying the underlying access structure. RBAC greatly simplifies the management of authorizations while providing an appropriate method for great flexibility in specifying and enforcing enterprisespecific protection policies and reducing the management costs. In the last few years, the fundamentals of RBAC policies have been identified [8] and a number of RBAC models have been proposed to satisfy security requirements in different areas [4, 6, 7], but they are all concept models and have not been efficiently represented the real world. In this paper, a variation of RBAC model for secure domain environment is proposed. The significance of the proposed model includes (1) It extends access control from a single secure domain to multiple secure domain environments. (2) It supports a role authorization algorithm. (3) Secure domain management architectures for a single secure domain and multiple secure domains are proposed. The rest of the paper is organized as follows. Section 2 introduces the object oriented role-based access control model for a single secure domain environment. Section 3 concerns about the model for multiple secure domain environments. Section 4 proposes the management architectures of secure domain environment. Section 5 concludes the paper.
2 International Journal of Network Security, Vol.4, No.1, PP.10 16, Jan Session * Activates * Establish * Inherits 1 * * * * Has Has Privilege UR Figure 1: Class diagram of ORBAC model for single secure domain environment 2 ORBAC Model for Single Secure Domain Environment A number of different viewpoints about RBAC have been discussed[5, 9, 10]. The abstract model defined in this section intends to capture the essential features of RBAC and fully realizes the original RBAC functions for a single secure domain environment. The class diagram of OR- BAC described by United Modeling Language (UML)[11] is shown in Figure 1 and an example of ORBAC object diagram is illustrated in Figure 2. In the model, a user is a human being or an autonomous agent, a role is a collection of privileges to perform a certain task, a privilege is an access mode that can be exercised on objects. A user can be assigned to a number of different roles, and a role can have multiple users. A role may have multiple privileges, and the same privilege can be associated to different roles. Moreover, a role hierarchy is introduced to reflect inheritance of authority and responsibility among the roles and it is defined by: If r i r j, then role r i inherits the privileges of role r j, role r i is a direct parent role of role r j and role r j is a direct child role of role r i. Furthermore, the inheritance relationship can be transitive, that is, if r i r j and r j r k, then r i r k, role r i is an indirect parent role of role r k and role r k is an indirect child role of role r i. In the role hierarchy, direct and indirect parent roles are also defined as parent roles, direct and indirect child roles are defined as child roles. For instance, role B in Figure 2 is a direct parent role of role D and role D is a direct child role of role B, role B is a indirect parent role of role F and role F is an indirect child role of role B, role B is a parent role of role D and role F, role F is a child role of role B and role D. In the object diagram, each user is assigned a role set according to his/her responsibility and authority, it is called assigned role set. In Figure 2, the assigned role set of user X is {A, B and the assigned role set of user Y Figure 2: An example of ORBAC object diagram in a single secure domain is {B. Privileges are represented by object and its object methods. Any role may invoke one or a number of object methods and therefore directly have one or multiple privileges. Furthermore, a role may also indirectly inherit the privileges of their child roles. For instance, the privileges of role D is {((Object 4, o41 ) and its inherited privileges from role F is {(Object 1, o11), (Object 3, o31 ). In addition, for each role L, if a user s assigned role set including role L then he/she belongs to the authorized user set of role L. In Figure 2, the authorized user set of role B is {X, Y and the authorized user set of role A is {X. Association class UR deals with the relationships between a user and the roles he/she applies by using a role authorization algorithm. The algorithm automatically searches the role hierarchy from each of the applied roles to its direct or indirect parent roles, in a large enterprise, since a role hierarchy could be very large and complex, breadth-first is used as the searching method. The conditions that the search will be ended are: If user X applies for a role R, for any direct or indirect parent role of R, S, if S belongs to the authorized user set of role R then user X is authorized the role R. If user X is applying for a role R, for any direct or indirect parent role of R, S, if S does not belong to the authorized user set of role R then user X cannot be authorized the role R.
3 International Journal of Network Security, Vol.4, No.1, PP.10 16, Jan Y X Session * Activates S D B E C A G * Establish * Inherits 1 * * * * * * * Foreign Foreign Privilege Has Has Has Has Domain UR UR F F T H I Trust Credentials Figure 3: An example of role authorization algorithm Figure 4: Class diagram of ORBAC model for multiple secure domain environment Algorithm 1: Authorization Algorithm (Applied role R, X) Input: X: identification of the user. Applied role R: the role that user applies for. V: the role set including role R and its parent roles in the role hierarchy. Q: a FIFO queue. Mark []: indicator of a visited/unvisited role. Di-Parent [r]: direct parent role of role r. Output: authorized role R to the user or refuse message. Begin For each u V {R Mark[u] = 0; Mark[R] = 1; Q {R; While Q <> 0 do{ Remove R from Q; if X the authorized user set of role R { output R; For eachv Di-Parent[R]{ if mark[v]=0 put v on Q ; output refuse message Analysis of the algorithm 1: For the applied role R, each direct or indirect parent role of R, S, is places in the queue once, assume the number of S is L, the computation complexity of the algorithm will be O(L). Example 1. In Figure 3, assume user X applies for role {H to obtain privileges, suppose the authorized user set of role A is {X, the authorization user set of role D is {S, the authorization user set of role H is {T. Assume breadth-first search method is used and the searching path for role H will be H G and H C A, when the search procedure reaches role A, user X belongs to the authorized user set of role A, so role {H is authorized to user X. If user T applies for role D, the searching path will be D B, user T does not belong to the authorized user set of role D and role B, so his/her application will be refused. In the object diagram, session is a mapping of a user to possible many roles [2], after the roles are authorized to a user by the role authorization algorithm, they are called authorized roles for the user. A user may have one or more than one sessions activated at the same time and each session may have a different combination of authorized roles. For instance, in Figure 2, in session 1, the authorized role for user X is {H; in session 2, the authorized role for user Y is {D. 3 ORBAC Model For Multiple Secure Domain Environments Multiple Secure domains consist of a set of users and objects that are managed by different security policies and defined by multiple authorities. In the multiple secure environments, users may want to access objects located outside their administration domains. On the other hand, with the development of the Internet and e-business, there are many requirements that users in a secure domain would like to share objects with users in other secure domains. The large distributed system, like Internet, is quickly becoming the largest marketplace, allowing commerce and business between parties who are physically distant and do not know each other, such applications involve every aspect of e-business. In the ORBAC model of Figure 4, the access control model is extended from a single secure domain environment to multiple secure domain environments and assume that all those different secure domains are based on the ORBAC model and interconnected on the Internet. In each single secure domain, some privileges can be accessed by the users from other secure domains, they are foreign privileges. Those users from other secure domains are called foreign domain
4 International Journal of Network Security, Vol.4, No.1, PP.10 16, Jan users. To establish the relationships between users in different domains, some trustworthy need to be established. The traditional approach of using authentication to differentiate between classes of clients is no longer sufficient, as knowledge of a user s identity will often not sufficient to determine whether a user is authorized a privilege, credentials make it feasible to manage trust establishment efficiently, our goal is therefore to explore the use of digital credentials [1, 2, 3] to solve this problem. Digital credentials are the online counterparts of paper credentials that people use in their daily life, such as a driver s license, ACM membership card, VISA card, etc. They are signed by authorized parties and can be made verifiable and unforgeable. Trust credentials contains one or more than one digital credentials that should be provided by foreign domain users if they want to get some foreign privileges, such as the certificate of doctor or the certificate of nurse. For instance, if some services in a domain only can be accessed by the foreign domain user who is a certificated nurse, the certificate of nurse should be provided, if some service only can be accessed by the foreign domain user who is a certificated doctor, the certificate of doctor should be provided. Based on trust credentials, the privileges of a single secure domain is divided into three groups: 1) Privileges that can be accessed by foreign domain users without the constraints of trust credentials 2) Privileges that can not be access by foreign domain users. 3) Privileges that can be accessed by foreign domain users under different constraints of trust credentials. Only privileges in group (1) and group (3) are foreign privileges, in order to simplify the administration of those foreign privileges, foreign role is introduced. Foreign role represents a group of foreign domain users who are authorized to get access to foreign privileges, foreign domain users do not directly get access to foreign privileges; instead, foreign privileges are associated with foreign roles, each foreign domain user is assigned to one or multiple members of appropriate foreign roles and each foreign role is assigned to one or multiple foreign domain users. Each foreign role can be assigned multiple foreign privileges and each foreign privilege can be assigned to multiple foreign roles. This idea greatly simplifies the management of authorizations while providing an appropriate method for great flexibility in specifying and enforcing multiple secure domain access control and reduces the management costs. There are two kinds of trust credentials, authentication credentials and authorization credentials. Authentication credentials are the digital credentials which constraint foreign domain users to get foreign roles. For example, if a user wants to view a web page in which only some authentication credential holder can access, it is sufficient to prove that he/she is actually an authentication credential holder, foreign domain users can be assigned to G O X C1 C2 C3 C4 C5 H I J K B V V B V B B V B V B O X O X M1 M2 M1 M : Privileges can be accessed by foreign domain users under trust credentials + : Privileges can be accessed by foreign domain users unconditionally. + : Privileges can not be accessed by foreign domain users. :Foreign : Objects X : Object Method V: View abstract B: Buy Figure 5: An example of ORBAC object diagram in multiple secure domains members of foreign roles as determined by authentication credentials, for instance, in Figure 5, foreign role H is authorized to the group of foreign domain users who owns the C1 authentication credential and foreign role I is authorized to the group of foreign domain users who owns the C2 authentication credential. The other trust credential constraint is called authorization credential, it constraints whether or not the foreign domain users can get access to a foreign privilege after they have held foreign roles, the authorization credentials, for example, M1 and M2 in Figure 5 are Visa or Master card credential, so if a foreign domain user wants to buy the medical web pages 1 or web page 7, a M1 or M2 authorization credential should be submitted. Following example briefly introduces the basic elements in ORBAC object diagram for multiple secure domains. Example 2. Consider Figure 5 where privileges of object 3 and privileges of object 5 can not be authorized to foreign domain users, privilege (Object 2, V) and (Object 4, V) are authorized to foreign role G without authentication or authorization credentials, any foreign domain user can get access to them unconditionally. Privilege (Object 1, B) is authorized to foreign role H under the authentication credential C1; Privilege (Object 1, B) is authorized to foreign role I under the authentication credential C2; privileges (Object 6, B) is authorized to foreign role J under the authentication credential C3 and authorization credential M2, privileges (Object 6, B) is authorized to foreign role L under the authentication credential C5 and the authorization credential M2; privilege (Object 7,V) is authorized to foreign role J under the authentication credential C3 but without authorization credentials, privilege (Object 8, B) is authorized to foreign role K under the authentication credential C4 and the authorization credential M1; privilege (Object 8, B) is authorized to foreign role L under the authentication credential C5 and the authorization L
5 International Journal of Network Security, Vol.4, No.1, PP.10 16, Jan credential M1. The association class UR F determines the mapping from the authentication credentials to foreign role and return the foreign role to the foreign domain user. The main function of the class is to call the foreign role authorization algorithm, accept applied foreign privilege from foreign domain users, for each applied foreign privilege, searches all the foreign roles which is authorized the foreign privilege using breadth-first search method, for instance, in Figure 5, the foreign roles of the foreign privilege {Object 7, V is J and the authentication credential for privilege {Object 7, V is C3, if the foreign authentication credentials a user provided contain C3, the user will be authorized the foreign role J to the user, otherwise, his/her application will be refused. The foreign role authentication algorithm is shown as follows. Algorithm 2: Foreign Authorization Algorithm Input: Applied foreign privilege M: the required foreign privilege M. Authentication credentials of the foreign domain user H: the authentication credentials the foreign domain user provided. Output: Authorized foreign role R to H or refuse message. { For each foreign role R of the foreign privilege M { if authentication credentials of R H { foreign role R is authorized; output foreign role R; output refuse message; 4 Secure Domain Management Architecture 4.1 Single Secure Domain Management Architecture In this section, two management architectures for a single secure domain, architecture 1 and architecture 2, are presented. Their collaboration diagrams are shown separately in Figure 6 and Figure 7. The main functions of each element in the architecture, domain security manager, role server, client and server have been described [12, 13]. Domain security manager: Creates and maintains the ORBAC secure role hierarchy, etc. Domain Security Manager (2) (3) (1) (4) (5) (5) Figure 6: Collaboration diagram for management architecture 1 : Automatically authorizes roles to users. : Accepts the applied roles from users who want to get some privileges for tasks and returns the authorized roles back to them. : Checks the user s authorized roles and decides whether or not permit him/her to get the privileges. The general procedure of the architecture 1 is shown as follows: 1) submits his/her user id and applies for role R via. 2) sends the user s id and his/her applied role R to role server. 3) server receives them and the role authorization algorithm is called to determine whether or not authorizes role R to the user, if R is authorized, a session will be created and the authorized roles are returned back to the user. 4) gets the authorized role R and accesses the server. 5) authorizes privileges to the user according to the authorized role R. The general procedure of architecture 2 is described as below: 1) submits his/her user id, required privileges and applies for role R via. 2) sends the user s id, required privileges and his/her applied role R to role server. 3) server receives them and the role authorization algorithm is called to determine whether or not assign role R to the user, if R is authorized, a session will be created, then server submits the authorized role R and the user s required privileges to access the server. 4) authorizes privileges to the user according to the authorized role R.
6 International Journal of Network Security, Vol.4, No.1, PP.10 16, Jan Domain N Domain Security Manager (1) (4) (2) (4) (4) (3) Domain Security Manager (5) (2) (4) (5) Figure 7: Collaboration diagram for management architecture 2 Domain M 4.2 Secure Multiple Domain Management Architecture In this section, a collaboration diagram for multiple secure domain management architecture is present. Assume that all single secure domains are based on the ORBAC model, a user in a single secure domain not only can be authorized the roles and get access to the objects in his/her domain, but also he/she can be authorized foreign roles and get access to the objects in other secure domains. In Figure 8, user in domain N gets access to the objects in domain M and user in domain M gets access to the objects in domain N. In multiple secure domain environments, more functions of each element in the architecture, domain security manager, role server, client and server are shown as below: Domain security manager: Creates and maintains the trust credential constraints and define foreign roles and foreign privileges, etc. : Besides authorizing roles to user in its secure domain, role server also automatically authorizes those foreign privileges to foreign domain users. Automatically authorizes foreign roles to foreign domain users. : Accepts the applied foreign domain privilege from users and returns the authorized foreign privilege back to them. : Checks the foreign domain user s authorized foreign roles and decides whether or not permit him/her to get the foreign privileges. The general procedure of the multiple secure domain management architecture is shown as below, assume the user in domain M applies for foreign privilege in domain N: 1) in domain M applies for foreign privilege in domain N, role server of domain N replies him/her with the required authentication credentials (if exist), then he/she submits the required authentication credentials to the role server. 2) server calls foreign role authentication algorithm to assigns him/her a foreign role R, then searches all the authorization credentials (if exist) for his/her required privilege and returns them to the user. Domain Security Manager (5) (1) (3) (3) (5) (1) (2) Figure 8: Collaboration diagram for multiple secure domain management architecture 3) selects the required authorization credentials and sends them to role server. 4) gets access to the server along with the user s authorized foreign role R and his/her required foreign privileges. 5) authorizes him/her required privileges according to the authorized foreign role R. 5 Conclusion and Future Work In this paper, an objected oriented RBAC model (OR- BAC) for secure domain is presented. The driving motivation of it is to simplify security policy administration. The main contributions of this paper are the object oriented role-based access control model and management architecture for a single and multiple secure domain environments. In the role-based access control model, it is assured that users access to objects based on roles to which users belong. However, illegal information flow among objects may occur, as this is the confinement problem pointed out in the basic access control model. In order to create a secure role hierarchy so that no indirect privilege authorization (illegal information flow) exists and guarantee the user role authorization methods, more research work on it is much required.
7 International Journal of Network Security, Vol.4, No.1, PP.10 16, Jan References [1] M. Blaze, J. Feignbaum, and A. D. Keromytis, KeyNote: Trust management of public-key infrastructures, Security Protocals, 6th International Workshop, Cambridge UK, pp , [2] M. Blaze, J. Feignbaum, and J. Lacy, Decentralized trust management, IEEE Symposium on Security and Privacy, pp , Oakland, CA, May [3] M. Blaze, J. Feignbaum, J, Ioannidis, and A. Keromytis, The KeyNote trust management system version 2, Internet Draft RFC 2704, Sept [4] D. Ferraiolo, J. Cugini, and D. R. Kulin, based access control: Features and motivacation, in Annual Computer Security Applications Conference, IEEE Computer Society Press, pp , [5] Integrity in Automated Information Systems, National Computer Security Center, pp , Sept [6] T. Jaeger and Frederquegiraud, A role-based access control model for protection domain derivation and management, Second ACM Workshop on - Based-Access-Control, pp , Fairfax, Virginia, USA, Nov [7] R. Sandhu and V. Bhamidipati, The ARBAC97 model for role-based administration of roles: Preliminary description and outline, Second ACM Workshop on -Based-Access-Control, Fairfax, Virginia, USA, pp , Nov [8] R. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, based access control models, IEEE Computer, vol. 29, no. 2, pp , Feb [9] R. Sandhu, D. Ferraiodo and R. Kulin, The NIST model for role-based access control: Towards a unified standard, Fifth ACM Workshop on -Based Access Control, Berlin, Germany, pp , July [10] S. Sborn and Y. Guo, Modeling users in role-based access control, Fifth ACM workshop on -Based Access Control, Berlin, Germany, pp , July 26-27, [11] UnitedModeling Language, UML resource center, [12] C. N. Zhang and C. Yang, Specification and enforcement of object-oriented RBAC model, in 2001 IEEE Canadian Conference on Electrical and Computer Engineering, Toronto, pp , May [13] C. N. Zhang and C. Yang, An object-oriented RBAC model for distributed system, in 2001 IEEE/IFIP Conference on Software Architecture WICSA 2001, Netherland, pp , Aug Cungang Yang received the M.S degree in computer science from Jilin University, China. He completed his Ph.D degree in computer science in 2003 at University of Regina, Canada. In 2003, he joined the Ryerson University as an assistant professor in the Department of Electrical and Computer Engineering. His research areas include security and privacy, enhanced role-based access control model, information flow control, web security and secure wireless sensor networks.
Implementing XML-based Role and Schema Migration Scheme for Clouds
Implementing XML-based Role and Schema Migration Scheme for Clouds Gurleen Kaur 1, Sarbjeet Singh 2 Computer Science and Engineering, UIET Panjab University, Chandigarh, India 1 gurleenturka@gmail.com
More informationAdministration of Access Control in Information Systems Using URBAC Model
JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 19 No. 2 (2011), pp. 89-109 Administration of Access Control in Information Systems Using URBAC Model Aneta Poniszewska-Marańda Institute of Information Technology
More informationRole-Based Access Control Requirements Model with Purpose Extension
Role-Based Access Control Requirements Model with Purpose Extension Faranak Farzad 1, Eric Yu Faculty of Information Studies University of Toronto, Canada Patrick C. K. Hung Faculty of Business and Information
More informationRole-based Authorization Constraints Specification Using Object Constraint Language
Role-based Authorization Constraints Specification Using Object Constraint Language Gail-Joon Ahn Department of Computer Science University of North Carolina at Charlotte gahn@uncc.edu Michael. E. Shin
More informationCompleteness, Versatility, and Practicality in Role Based Administration
Completeness, Versatility, and Practicality in Role Based Administration Slobodan Vukanović svuk002@ec.auckland.ac.nz Abstract Applying role based administration to role based access control systems has
More informationAdvanced Features for Enterprise-Wide Role-Based Access Control
Advanced Features for Enterprise-Wide -Based Access Control Axel Kern Systor Security Solutions GmbH Hermann-Heinrich-Gossen-Str. 3 50858 Köln, Germany axel.kern@systorsecurity.com Abstract The administration
More informationImplement role based access control with attribute certificates
Implement role based access control with attribute certificates Wei Zhou Computer Science Department University of Trier D-54286 Trier, Germany zhouwei48@hotmail.com Christoph Meinel Computer Science Department
More informationOpenHRE Security Architecture. (DRAFT v0.5)
OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2
More informationRole Based Access Control
Role Based Access Control Role-Based Access Control Models. By R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, IEEE Computer, vol 29(2):38--47, February 1996. The most cited paper in access control!
More informationCHAPTER 22 Database Security Integration Using Role-Based Access Control
CHAPTER 22 Database Security Integration Using Role-Based Access Control Sylvia Osborn Department of Computer Science, The University of Western Ontario London, Ontario, Canada, N6A-5B7 svlvia@csd.uwo.ca
More informationSecure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI
Volume: 2, Issue: 7, 20-27 July 2015 www.allsubjectjournal.com e-issn: 2349-4182 p-issn: 2349-5979 Impact Factor: 3.762 Miss Rohini Vidhate Savitribai Phule Pune University. Mr. V. D. Shinde Savitribai
More informationAccess Control of Cloud Service Based on UCON
Access Control of Cloud Service Based on UCON Chen Danwei, Huang Xiuli, and Ren Xunyi Nanjing University of posts & Telecommunications, New Model Street No.66, 210003, Nanjing, China chendw@njupt.edu.cn,
More informationRole Based Access Control (RBAC) Nicola Zannone
Role Based Access Control (RBAC) Nicola Zannone 1 DAC and MAC Discretionary Access Control (DAC) Access control determined by the owner of an object Oner can delegate access rights to other users Access
More informationComparing Simple Role Based Access Control Models and Access Control Lists. Abstract. 1 Introduction
Comparing Simple Role Based Access Control Models and Access Control Lists John Barkley National Institute of Standards and Technology Gait hersburg MD 20899 (301) 975-3346 j barkleyanist.gov Abstract
More informationAn Improved Administration Method on Role-Based Access Control in the Enterprise Environment
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 17, 921-944 (2001) An Improved Administration Method on Role-Based Access Control in the Enterprise Environment SEJONG OH AND SEOG PARK * Department of Computer
More informationA Faster Way to Temporarily Redirect the Role Based Access Control Workflow Processes Christine Liang
A Faster Way to Temporarily Redirect the Role Based Access Control Workflow Processes Christine Liang ABSTRACT In recent years, many large organizations have used the Role Based Access Control (RBAC) Workflow
More informationA TRUST BASED DELEGATION SYSTEM FOR MANAGING ACCESS CONTROL. Rainer Steffen, Rudi Knorr*
A TRUST BASED DELEGATION SYSTEM FOR MANAGING ACCESS CONTROL Rainer Steffen, Rudi Knorr* Abstract Trust is considered to be a powerful approach for managing access control in pervasive computing scenarios.
More informationWeb Services: Role Based Access Control with Single Sign-on Architecture
Rochester Institute of Technology Department of Computer Science M.S. Computer Science Project Proposal Web Services: Role Based Access Control with Single Sign-on Architecture Yevgeniy Gershteyn gershteyn@gmail.com
More informationComponents- Based Access Control Architecture
Issue s in Informing Science and Information Technology Volume 6, 2009 Components- Based Access Control Architecture Adesina S. Sodiya and Adebukola S. Onashoga Department of Computer Science, University
More informationRole Based Access Control Framework for Network Enterprises
Role Based Access Control Framework for Network Enterprises Dan Thomsen, Dick O Brien, and Jessica Bogle Secure Computing Corporation 2675 Long Lake Road Roseville, MN 55113 thomsen@securecomputing.com
More informationWorkflow Access Control from a Business Perspective
Workflow Access Control from a Business Perspective Dulce Domingos, António Rito-Silva 2, Pedro Veiga Informatics Department, University of Lisbon, Faculty of Sciences {dulce, pmv}@di.fc.ul.pt 2 INESC-ID
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at http://www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2004 Vol. 3, no. 3, March-April 2004 L n RBAC: A Multiple-Levelled Role- Based Access
More informationLeveraging UML for Security Engineering and Enforcement in a Collaboration on Duty and Adaptive Workflow Model that Extends NIST RBAC
Leveraging UML for Security Engineering and Enforcement in a Collaboration on Duty and Adaptive Workflow Model that Extends NIST RBAC S. Berhe 1, S. Demurjian 1, S. Gokhale 1, J. Pavlich-Mariscal 2,3,
More informationRole-Based Access Control Approaches In Mangodb 2.4 and Informix Online Dynamic Server Version 7.2
Role-Based Access Control Approaches In Mangodb 2.4 and Informix Online Dynamic Server Version 7.2 Abubakar Sulaiman Gezawa 1, Ahmed Aliyu 2, Tong Yujun 3, Saifullahi Aminu Bello 4, Abubakar Ado 5 System
More informationTowards Securing E-Banking by an Integrated Service Model Utilizing Mobile Confirmation
Research Inventy: International Journal of Engineering And Science Vol.4, Issue 9 (Sept 2014), PP 26-30 Issn (e): 2278-4721, Issn (p):2319-6483, www.researchinventy.com Towards Securing E-Banking by an
More informationA Model for Context-dependent Access Control for Web-based Services with Role-based Approach
A Model for Context-dependent Access Control for Web-based Services with Role-based Approach Ruben Wolf, Thomas Keinz, Markus Schneider FhG Institute for Secure Telecooperation (SIT), 64293 Darmstadt,
More informationRBAC and HIPAA Security
Chief Executive, HIPAA Academy RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Session Objective Challenges HIPAA Requirements Seven Steps to HIPAA Security Access Control RBAC Information Access
More informationMRBAC: Hierarchical Role Management and Security Access Control for Distributed Multimedia Systems
MRBAC: Hierarchical Role Management and Security Access Control for Distributed Multimedia Systems Na Zhao 1, Min Chen 2, Shu-Ching Chen 1, Mei-Ling Shyu 3 1 Distributed Multimedia Information System Laboratory
More informationMeta Model Based Integration of Role-Based and Discretionary Access Control Using Path Expressions
Meta Model Based Integration of Role-Based and Discretionary Access Control Using Path Expressions Kathrin Lehmann, Florian Matthes Chair for Software Engineering for Business Information Systems Technische
More informationRole-based access control. RBAC: Motivations
Role-based access control 1 RBAC: Motivations Complexity of security administration For large number of subjects and objects, the number of authorizations can become extremely large For dynamic user population,
More informationInter-domain authorization and delegation for business-to-business e-commerce.
Inter-domain authorization and delegation for business-to-business e-commerce. Pietro Michiardi and Refik Molva {First Name.Last Name}@eurecom.fr Institut Eurécom, 2229 Route des Crêtes BP 193 06904 Sophia-Antipolis
More informationRole-Based Access Controls
Role-Based Access Controls Reprinted from 15th National Computer Security Conference (1992) Baltimore, Oct 13-16, 1992. pp. 554-563 David F. Ferraiolo and D. Richard Kuhn National Institute of Standards
More informationOriginator Control in Usage Control *
Originator Control in Usage Control * Jaehong Park Laboratory for Information Security Technology ISE Department, MS4A4 George Mason University, Fairfax, VA 22030 jaehpark@ise.gmu.edu, www.list.gmu.edu/park
More informationRole Based Access Control and the JXTA Peer-to-Peer Framework
Role Based Access Control and the JXTA Peer-to-Peer Framework Amit Mathur Symantec Corporation Cupertino, California Suneuy Kim Department of Computer Science San José State University San José, California
More informationAUTHENTICATION AND ACCESS CONTROL BEST PRACTICES FOR HEALTHCARE SYSTEMS
AUTHENTICATION AND ACCESS CONTROL BEST PRACTICES FOR HEALTHCARE SYSTEMS Lamaris Davis ICTN6865 East Carolina University Abstract Securing EHR s continue to be a huge problem for all health care organizations.
More informationContext-Aware Role Based Access Control Using User Relationship
International Journal of Computer Theory and Engineering, Vol. 5, No. 3, June 2013 Context-Aware Role Based Access Control Using User Relationship Kangsoo Jung and Seog Park We suggest relationship-based
More informationChapter 2 Taxonomy and Classification of Access Control Models for Cloud Environments
Chapter 2 Taxonomy and Classification of Access Control Models for Cloud Environments Abhishek Majumder, Suyel Namasudra and Samir Nath Abstract Cloud computing is an emerging and highly attractive technology
More informationHow To Develop Software
Software Engineering Prof. N.L. Sarda Computer Science & Engineering Indian Institute of Technology, Bombay Lecture-4 Overview of Phases (Part - II) We studied the problem definition phase, with which
More informationCurriculum Vitae. Zhenchang Xing
Curriculum Vitae Zhenchang Xing Computing Science Department University of Alberta, Edmonton, Alberta T6G 2E8 Phone: (780) 433 0808 E-mail: xing@cs.ualberta.ca http://www.cs.ualberta.ca/~xing EDUCATION
More informationIncorporating database systems into a secure software development methodology
Incorporating database systems into a secure software development methodology Eduardo B. Fernandez 1, Jan Jurjens 2, Nobukazu Yoshioka 3, and Hironori Washizaki 4 1 Dept. of Computer Science, Florida Atlantic
More informationDATABASE SECURITY MECHANISMS AND IMPLEMENTATIONS
DATABASE SECURITY MECHANISMS AND IMPLEMENTATIONS Manying Qiu, Virginia State University, mqiu@vsu.edu Steve Davis, Clemson University, davis@clemson.edu ABSTRACT People considering improvements in database
More information1. Introduction. 2. Background. 2.1. Cloud computing in a nutshell
Title: Towards new access control models for Cloud computing systems Category: 'In the Cloud' - Security Author name: Gouglidis Antonios City, Country: Thessaloniki, Greece Year of study, Course Title:
More informationCONCEPTUAL FRAMEWORK FOR GEOSPATIAL DATA SECURITY
CONCEPTUAL FRAMEWORK FOR GEOSPATIAL DATA SECURITY Sangita Zope- Chaudhari 1 and P. Venkatachalam 2 1 Research Scholar, Centre of Studies in Resources Engineering, Indian Institute of Technology Bombay,
More informationRole-Based Access Control (RBAC): Features and Motivations
Role-Based Access Control (RBAC): Features and Motivations David F. Ferraiolo, Janet A. Cugini, D. Richard Kuhn National Institute of Standards and Technology U. S. Department of Commerce Gaithersburg
More informationDistributed Attribute Based Encryption for Patient Health Record Security under Clouds
Distributed Attribute Based Encryption for Patient Health Record Security under Clouds SHILPA ELSA ABRAHAM II ME (CSE) Nandha Engineering College Erode Abstract-Patient Health Records (PHR) is maintained
More informationA GTRBAC Based System for Dynamic Workflow Composition and Management
A GTRBAC Based System for Dynamic Workflow Composition and Management Basit Shafiq, Arjmand Samuel, and Halima Ghafoor Purdue University {shafiq, amsamuel}@ecn.purdue.edu Abstract In this paper, we propose
More informationMulti Tenancy Access Control Using Cloud Service in MVC
Multi Tenancy Access Control Using Cloud Service in MVC 1 Sonia Gupta, 2 Rubal Choudary Indo Global College of Engg, Abhipur, Mohali Abstract - Cloud Computing is the next generation Internet service and
More informationTowards Securing APIs in Cloud Computing
Towards Securing APIs in Cloud Computing Kumar Gunjan #1, R. K. Tiwari *2, G. Sahoo #3 # Department of Information Technology, Birla Institute of Technology, Mesra Ranchi, India * RVS College of Engineering&
More informationA Survey of Criterion-Based Role to Access Control Model in Secure Permissions
A Survey of Criterion-Based Role to Access Control Model in Secure Permissions Lakshmi Satish Chandra. Gorijala 1, Dr Syed Umar 2, Vinay satya kumar.yaddanapudi 3, Nageswara Rao. Mandava 4 B.Tech Student,
More informationIdentity Lifecycle Management Technology
Identity Lifecycle Management Technology Authors: Seiichi Kondo* and Tatsuya Tsurukawa* 1. Introduction In an integrated identity system for shared use by the types of security components of a corporate
More informationA Semantic Approach for Access Control in Web Services
A Semantic Approach for Access Control in Web Services M. I. Yagüe, J. Mª Troya Computer Science Department, University of Málaga, Málaga, Spain {yague, troya}@lcc.uma.es Abstract One of the most important
More informationImplementation of Role Based Access Control on Encrypted Data in Hybrid Cloud
Implementation of Role Based Access Control on Encrypted Data in Hybrid Cloud Gajanan Ganorkar, Prof. A.B. Deshmukh, Prof M.D.Tambhakhe Information Technology Email:g.ganorkar7691@gmail.com Contact: 8600200142
More informationCloud-based Identity and Access Control for Diagnostic Imaging Systems
Cloud-based Identity and Access Control for Diagnostic Imaging Systems Weina Ma and Kamran Sartipi Department of Electrical, Computer and Software Engineering University of Ontario Institute of Technology
More informationImproving Scenario-Driven Role Engineering Process with Aspects
Improving Scenario-Driven Role Engineering Process with Aspects Shu Gao, Zhengfan Dai School of Computer Science Florida International University Miami, FL 33199, USA {sgao01, zdai01}@cs.fiu.edu Huiqun
More informationAnalysis of Different Access Control Mechanism in Cloud
Analysis of Different Access Control Mechanism in Cloud Punithasurya K Post Graduate Scholar Department of Information Technology Karunya University, India Jeba Priya S Lecturer Department of Information
More informationMoving from Security to Distributed Trust in Ubiquitous Computing Environments
Moving from Security to Distributed Trust in Ubiquitous Computing Environments Lalana Kagal, Tim Finin and Anupam Joshi University of Maryland Baltimore County email : lkagal1,finin,ajoshi@cs.umbc.edu
More informationRisk Management in Dynamic Role Based Access Control Systems
Risk Management in Dynamic Role Based Access Control Systems J. Ma, K. Adi, L. Logrippo, Serge Mankovski, Department of Computer Science and Engineering Université du Québec en Outaouais Québec, Canada.
More informationDesign of Financial Industry s Intermediary Business System based on Tuxedo
2012 International Conference on Computer Technology and Science (ICCTS 2012) IPCSIT vol. 47 (2012) (2012) IACSIT Press, Singapore DOI: 10.7763/IPCSIT.2012.V47.74 Design of Financial Industry s Intermediary
More informationSCATS SALES AND CUSTOMER TRACKING SYSTEM SOFTWARE REQUIREMENTS SPECIFICATION VERSION: FINAL 1.0
SCATS SALES AND CUSTOMER TRACKING SYSTEM SOFTWARE REQUIREMENTS SPECIFICATION VERSION: FINAL 1.0 OCTOBER 28, 2001 REVISION CHART Version Primary Author(s) Description of Version Date Completed Draft Johnny
More informationSecure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines
Research Journal of Applied Sciences, Engineering and Technology 7(18): 3786-3790, 2014 ISSN: 2040-7459; e-issn: 2040-7467 Maxwell Scientific Organization, 2014 Submitted: October 26, 2013 Accepted: December
More informationLearning Concept Hierarchy from YANG for Management of Software-Defined Networking based on Theory of Concept Lattices
, pp.223-232 http://dx.doi.org/0.4257/ijgdc.205.8.5.22 Learning Concept Hierarchy from YANG for Management of Software-Defined Networking based on Theory of Concept Lattices Hui Xu, Chunzhi Wang and Hongwei
More informationCLOUD-HOSTED PROXY BASED COLLABORATION IN MULTI- CLOUD COMPUTING ENVIRONMENTS WITH ABAC METHODS
CLOUD-HOSTED PROXY BASED COLLABORATION IN MULTI- CLOUD COMPUTING ENVIRONMENTS WITH ABAC METHODS Shilpa G S 1, Maria Navin J R 2 1 PG Student, Dept. of Computer Science and Engineering, SVCE Bangalore,
More informationThe CVS-Server Case Study: A Formalized Security Architecture
The CVS-Server Case Study: A Formalized Security Architecture Extended Abstract Achim D. Brucker, Frank Rittinger, and Burkhart Wolff {brucker,rittinge,wolff}@informatik.uni-freiburg.de 1 Introduction
More informationUSER ACCESS CONTROL AND SECURITY MODEL
102 USER ACCESS CONTROL AND SECURTY MODEL Cahyo Crysdian, Harihodin b. Selamat, Mohd. Noor b. Md. Sap (crysdian@yahoo.com, harihodn@itp.utm.my, mohdnoor@fsksm.utm.my) Faculty of Computer Science and nformation
More informationIntegrating Policy-Driven Role Based Access Control with the Common Data Security Architecture
Integrating Policy-Driven Role Based Access Control with the Common Data Architecture Along Lin Extended Enterprise Laboratory HP Laboratories Bristol HPL-1999-59 April, 1999 E-mail: alin@hplb.hpl.hp.com
More information3-12 Autonomous Access Control among Nodes in Sensor Networks with Security Policies
3-12 Autonomous Access Control among Nodes in Sensor Networks with Security Policies This paper describes a new framework of policy control sensor networks. Sensor networks are shared by various applications,
More informationPurpose-Centric Secure Information Sharing
Purpose-Centric Secure Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security (ICS) University of Texas at San Antonio September 2009 ravi.sandhu@utsa.edu
More informationBest Practices, Procedures and Methods for Access Control Management. Michael Haythorn
Best Practices, Procedures and Methods for Access Control Management Michael Haythorn July 13, 2013 Table of Contents Abstract... 2 What is Access?... 3 Access Control... 3 Identification... 3 Authentication...
More informationBM482E Introduction to Computer Security
BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based
More informationRoles in Building Web Applications using Java
Roles in Building Web Applications using Java Guido Boella Dipartimento di Informatica Università di Torino Italy +390116706711 guido@di.unito.it Andrea Cerisara Dipartimento di Informatica Università
More informationA Model of OASIS Role-Based Access Control and Its Support for Active Security
A Model of OASIS Role-Based Access Control and Its Support for Active Security JEAN BACON, KEN MOODY, and WALT YAO University of Cambridge OASIS is a role-based access control architecture for achieving
More informationKerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk
Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete
More informationMOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES
MOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES Marko Schuba and Konrad Wrona Ericsson Research, Germany ABSTRACT This paper describes the Mobile Chip Electronic Commerce
More informationRole Based Encryption with Efficient Access Control in Cloud Storage
Role Based Encryption with Efficient Access Control in Cloud Storage G. V. Bandewar 1, R. H. Borhade 2 1 Department of Information Technology, Sinhgad Technical Education Society s SKNCOE, Pune, India
More informationRole Engineering: The Cornerstone of Role- Based Access Control DECEMBER 2009
WHITE PAPER: ROLE ENGINEERING AND ROLE-BASED ACCESS CONTROL Role Engineering: The Cornerstone of Role- Based Access Control DECEMBER 2009 Srinivasan Vanamali, CISA, CISSP CA SERVICES Table of Contents
More informationEnsuring Access Control in Cloud Provisioned Healthcare Systems
Ensuring Access Control in Cloud Provisioned Healthcare Systems Hema Andal Jayaprakash Narayanan Department of Computer Science and Engineering University of Nevada, Reno Abstract An important issues in
More informationFuzzy Role-Based Access Control
Fuzzy Role-Based Access Control Carles Martínez-García a,, Guillermo Navarro-Arribas b, Joan Borrell a a Department of Information and Communications Engineering (deic), Universitat Autònoma de Barcelona,
More informationIntegrating basic Access Control Models for efficient security along with encryption for the ERP System
Integrating basic Access Control Models for efficient security along with encryption for the ERP System Prof. Swapnaja A. Ubale Research Scholar (Computer Science & Engineering Department) Research Center
More informationCollaboration Service Integration Platform Using Context-Aware Role-Based Access Model
, pp.126-131 http://dx.doi.org/10.14257/astl.2013.29.26 Collaboration Service Integration Platform Using Context-Aware Role-Based Access Model Shu-Ping Lu 1, Kuei-Kai Shao 1, Yu-Nung Chao 1, Kuo-Shu Luo
More informationStrategic Role Engineering Approach to Visual Role Based Access Control (V-RBAC)
International Journal of Computer Applications in Engineering Sciences [VOL III, ISSUE II, JUNE 2013] [ISSN: 2231-4946] Strategic Role Engineering Approach to Visual Role Based Access Control (V-RBAC)
More informationFREEDOM IN ADULT EDUCATION
FREEDOM IN ADULT EDUCATION Abstract The paper deals with the term freedom in the education environment. The author s attention is focused on the adult education. He attempts to specify his point of view
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationHow To Create A Collaborative Learning System In An Elearning System
ROLE-BASED ADAPTIVE COLLABORATIVE LEARNING MODEL FAHAD T. ALOTAIBY Information Technology School George Mason University Fairfax, VA 22030 Falotai1@gmu.edu IBRAHIM S. ABDULLAH Information systems King
More informationConclusion and Future Directions
Chapter 9 Conclusion and Future Directions The success of e-commerce and e-business applications depends upon the trusted users. Masqueraders use their intelligence to challenge the security during transaction
More informationInternational Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 ISSN 2229-5518
International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May-2015 1681 Software as a Model for Security in Cloud over Virtual Environments S.Vengadesan, B.Muthulakshmi PG Student,
More informationISSN: 2321-7782 (Online) Volume 3, Issue 3, March 2015 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 3, Issue 3, March 2015 International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online
More informationRole-based Access Control in Online Authoring and Publishing Systems vs. Document Hierarchy
Role-based Access Control in Online Authoring and Publishing Systems vs. Document Hierarchy Z. Zhang, E. Haffner, A. Heuer, T. Engel, Ch. Meinel Institute for Telematics Bahnhofstr. 30-32, 54292 Trier,
More informationKerberos SecureSingleSign-onAuthenticationProtocolFrameworkforCloudAccessControl
Global Journal of Computer Science and Technology: B Cloud and Distributed Volume 14 Issue 1 Version 1.0 Year 2014 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationSecurity Model and Enforcement for Data-Centric Pub/Sub with High Information Assurance Requirements
Security Model and Enforcement for Data-Centric Pub/Sub with High Information Assurance Requirements Sebastian Staamann, Director Security Products, PrismTech OMG's Eighth Workshop on Distributed Object
More informationResearch and Practice of DataRBAC-based Big Data Privacy Protection
Send Orders for Reprints to reprints@benthamscience.ae The Open Cybernetics & Systemics Journal, 2015, 9, 669-673 669 Open Access Research and Practice of DataRBAC-based Big Data Privacy Protection Huang
More informationA Catechistic Method for Traffic Pattern Discovery in MANET
A Catechistic Method for Traffic Pattern Discovery in MANET R. Saranya 1, R. Santhosh 2 1 PG Scholar, Computer Science and Engineering, Karpagam University, Coimbatore. 2 Assistant Professor, Computer
More informationThe Role-Based Access Control System of a European Bank: A Case Study and Discussion
The Role-Based Access Control System of a European Bank: A Case Study and Discussion Andreas Schaad, Jonathan Moffett and Jeremy Jacob EMail: {andreas, jdm, jeremy}@cs.york.ac.uk Department of Computer
More informationA logical approach to dynamic role-based access control
A logical approach to dynamic role-based access control Philippe Balbiani Yannick Chevalier Marwa El Houri Abstract Since its formalization RBAC has become the yardstick for the evaluation of access control
More informationDATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION
DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION Hasna.R 1, S.Sangeetha 2 1 PG Scholar, Dhanalakshmi Srinivasan College of Engineering, Coimbatore. 2 Assistant Professor, Dhanalakshmi Srinivasan
More informationOnline Competency Assessment (OCA) Project
Board Direction Motion 5533 (May 21, 2015) THAT a monitoring report be prepared to demonstrate how creation of a new online competency assessment system by Engineers Canada will support constituent associations
More informationAgent-Based Cloud Broker Architecture for Distributed Access Control
Agent-Based Cloud Broker Architecture for Distributed Access Control Manoj V. Thomas 1, and Chandra Sekaran K. Department of Computer Science and Engineering. NITK, Surathkal, Mangalore 575 025, India.
More informationExtended RBAC Based Design and Implementation for a Secure Data Warehouse
Extended RBAC Based Design and Implementation for a Data Warehouse Dr. Bhavani Thuraisingham The University of Texas at Dallas bhavani.thuraisingham@utdallas.edu Srinivasan Iyer The University of Texas
More informationWeb Service Authorization Framework
Web Service Authorization Framework Thomas Ziebermayr, Stefan Probst Software Competence Center Hagenberg, Hauptstrasse 99, 4232 Hagenberg, Austria thomas.ziebermayr@scch.at, stefan.probst@scch.at Abstract
More informationAn Experimental News Production System with Flexible Role-Based Access Control
An Experimental News Production System with Flexible Role-Based Access Control Min-Che Ho Computer Science Department National Chengchi University Taipei, Taiwan fantast@alumni.nccu.edu.tw Tsai-Yen Li
More informationCS377: Database Systems Data Security and Privacy. Li Xiong Department of Mathematics and Computer Science Emory University
CS377: Database Systems Data Security and Privacy Li Xiong Department of Mathematics and Computer Science Emory University 1 Principles of Data Security CIA Confidentiality Triad Prevent the disclosure
More information